nvd-json-data-feeds/CVE-2023/CVE-2023-201xx/CVE-2023-20179.json

{
  "id": "CVE-2023-20179",
  "sourceIdentifier": "ykramarz@cisco.com",
  "published": "2023-09-27T18:15:10.987",
  "lastModified": "2024-01-25T17:15:32.757",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to inject HTML content.\r\n\r This vulnerability is due to improper validation of user-supplied data in element fields. An attacker could exploit this vulnerability by submitting malicious content within requests and persuading a user to view a page that contains injected content. A successful exploit could allow the attacker to modify pages within the web-based management interface, possibly leading to further browser-based attacks against users of the application."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n web de Cisco Catalyst SD-WAN Manager, anteriormente Cisco SD-WAN vManage, podr\u00eda permitir que un atacante remoto autenticado inyecte contenido HTML. Esta vulnerabilidad se debe a una validaci\u00f3n inadecuada de los datos proporcionados por el usuario en los campos de elementos. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando contenido malicioso dentro de las solicitudes y persuadiendo a un usuario para que vea una p\u00e1gina que contenga contenido inyectado. Un exploit exitoso podr\u00eda permitir al atacante modificar p\u00e1ginas dentro de la interfaz de administraci\u00f3n basada en web, lo que posiblemente generar\u00eda m\u00e1s ataques basados en el navegador contra los usuarios de la aplicaci\u00f3n."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7
      },
      {
        "source": "ykramarz@cisco.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    },
    {
      "source": "ykramarz@cisco.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-80"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "20.6.6",
              "matchCriteriaId": "24F12886-47A6-42A3-8408-5F0CEC98ECB0"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "20.7",
              "versionEndExcluding": "20.10",
              "matchCriteriaId": "1DE03263-AA9C-4717-AF0B-33A5852623FE"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-html-3ZKh8d6x",
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}
Auto-Update: 2023-09-27T20:00:25.696695+00:00 2023-09-27 20:00:29 +00:00			`{`
			`"id": "CVE-2023-20179",`
			`"sourceIdentifier": "ykramarz@cisco.com",`
			`"published": "2023-09-27T18:15:10.987",`
Auto-Update: 2024-01-25T19:00:40.111528+00:00 2024-01-25 19:00:44 +00:00			`"lastModified": "2024-01-25T17:15:32.757",`
			`"vulnStatus": "Modified",`
Auto-Update: 2024-07-14T02:00:17.787041+00:00 2024-07-14 02:06:08 +00:00			`"cveTags": [],`
Auto-Update: 2023-09-27T20:00:25.696695+00:00 2023-09-27 20:00:29 +00:00			`"descriptions": [`
			`{`
			`"lang": "en",`
			"value": "A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to inject HTML content.\r\n\r This vulnerability is due to improper validation of user-supplied data in element fields. An attacker could exploit this vulnerability by submitting malicious content within requests and persuading a user to view a page that contains injected content. A successful exploit could allow the attacker to modify pages within the web-based management interface, possibly leading to further browser-based attacks against users of the application."
Auto-Update: 2023-10-04T02:00:25.066418+00:00 2023-10-04 02:00:29 +00:00			`},`
			`{`
			`"lang": "es",`
			"value": "Una vulnerabilidad en la interfaz de administraci\u00f3n web de Cisco Catalyst SD-WAN Manager, anteriormente Cisco SD-WAN vManage, podr\u00eda permitir que un atacante remoto autenticado inyecte contenido HTML. Esta vulnerabilidad se debe a una validaci\u00f3n inadecuada de los datos proporcionados por el usuario en los campos de elementos. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando contenido malicioso dentro de las solicitudes y persuadiendo a un usuario para que vea una p\u00e1gina que contenga contenido inyectado. Un exploit exitoso podr\u00eda permitir al atacante modificar p\u00e1ginas dentro de la interfaz de administraci\u00f3n basada en web, lo que posiblemente generar\u00eda m\u00e1s ataques basados en el navegador contra los usuarios de la aplicaci\u00f3n."
Auto-Update: 2023-09-27T20:00:25.696695+00:00 2023-09-27 20:00:29 +00:00			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV31": [`
Auto-Update: 2023-10-04T02:00:25.066418+00:00 2023-10-04 02:00:29 +00:00			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "LOW",`
			`"userInteraction": "REQUIRED",`
			`"scope": "CHANGED",`
			`"confidentialityImpact": "LOW",`
			`"integrityImpact": "LOW",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 5.4,`
			`"baseSeverity": "MEDIUM"`
			`},`
			`"exploitabilityScore": 2.3,`
			`"impactScore": 2.7`
			`},`
Auto-Update: 2023-09-27T20:00:25.696695+00:00 2023-09-27 20:00:29 +00:00			`{`
			`"source": "ykramarz@cisco.com",`
			`"type": "Secondary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "LOW",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "LOW",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 4.3,`
			`"baseSeverity": "MEDIUM"`
			`},`
			`"exploitabilityScore": 2.8,`
			`"impactScore": 1.4`
			`}`
			`]`
			`},`
Auto-Update: 2023-10-04T02:00:25.066418+00:00 2023-10-04 02:00:29 +00:00			`"weaknesses": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-79"`
			`}`
			`]`
Auto-Update: 2024-01-25T19:00:40.111528+00:00 2024-01-25 19:00:44 +00:00			`},`
			`{`
			`"source": "ykramarz@cisco.com",`
			`"type": "Secondary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-80"`
			`}`
			`]`
Auto-Update: 2023-10-04T02:00:25.066418+00:00 2023-10-04 02:00:29 +00:00			`}`
			`],`
			`"configurations": [`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:cisco:sd-wan_vmanage::::::::",`
			`"versionEndExcluding": "20.6.6",`
			`"matchCriteriaId": "24F12886-47A6-42A3-8408-5F0CEC98ECB0"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:cisco:sd-wan_vmanage::::::::",`
			`"versionStartIncluding": "20.7",`
			`"versionEndExcluding": "20.10",`
			`"matchCriteriaId": "1DE03263-AA9C-4717-AF0B-33A5852623FE"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
Auto-Update: 2023-09-27T20:00:25.696695+00:00 2023-09-27 20:00:29 +00:00			`"references": [`
			`{`
			`"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-html-3ZKh8d6x",`
Auto-Update: 2023-10-04T02:00:25.066418+00:00 2023-10-04 02:00:29 +00:00			`"source": "ykramarz@cisco.com",`
			`"tags": [`
			`"Vendor Advisory"`
			`]`
Auto-Update: 2023-09-27T20:00:25.696695+00:00 2023-09-27 20:00:29 +00:00			`}`
			`]`
			`}`